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CLAIMS 



1. A method for designing a specification of a hardware and software system, 
characterized in that it comprises: 

- a step of definition of services and, for each service, use cases; 

- a step of association of each use case with at least one departure state of the system, 
a user request and, for each departure state, an arrival state of the system; 

- a step of definition of operations, in the course of which, for each state, there is defined 
a set of elementary operations corresponding to the system response during arrival in the said 
state; 

- a step of specification of system architecture defining electronic control units and 
networks; 

- a step of mapping of elementary operations onto calculators; 
and at least one of the following steps: 

- a step of identification of data flows circulating on the said networks as a function of the 
said mapping; and 

- a step of identification of the specification of the calculator interfaces as a function of 
the said mapping. 

2. A method according to claim 1, characterized in that the mapping step comprises, for 
each service, a choice among a plurality of mapping modes comprising in particular: 

- mapping of the service onto a single calculator, 

- master-slave mapping, in which a supplementary elementary operation of control of the 
single service activates, depending on the state of the service in which the system finds itself, 
the elementary operations of the service, this supplementary elementary operation being 
mapped onto one of the calculators, 

- distributed mapping, in which the elementary operations are distributed over at least 
two calculators and, onto each of the said calculators, a supplementary elementary operation of 
control of the service is mapped and activates, depending on the state of the service in which 
the system finds itself, the elementary operations of the service mapped onto the said 
calculators. 

3. A method according to claim 2, characterized in that the supplementary elementary 
operations are generated automatically with: 
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- as inputs, all data necessary for calculation of the transitions of the control automaton 
of the service whose states are the states of the service and the transitions are the 
transformations, via an elementary operation, of the user's requests and 

- as output, a datum representing the state in which the service finds itself. 

4. A method according to one of the preceding claims, characterized in that, in the 
course of the step of identification of data flows, a state of each data flow is determined relative 
to a given electronic messaging system: 

- free data, to be mapped into frames, 

- data already mapped into frames and circulating on the network, and such that they are 
produced in the calculators in which the frame is produced and consumed in the calculators in 
which the frame is consumed, and 

- unused frame sites. 

5. A method according to one of the preceding claims, characterized in that, given a use 

case, 

- a performance constraint is imposed on the use case as well as on certain of 
the elementary operations executed in the arrival state of the said use case, 

- the list of those executions of elementary operations, executions of drivers, 
writes and reads in the frames, taking into account of information by sensors and 
actuators, and frame transfer to a network that are implemented following mapping of 
the said elementary operations is then automatically synthesized, 

- requirements of delay of execution and/or of response time of transmission, 
reading and writing frames, and of execution of drivers and of elementary operations are 
then specified, 

- the response times of sensors and actuators are indicated, 

- the fact that this performance constraint is satisfied for a mapping of the said 
elementary operations is validated or requirements of delay of execution and/or of 
response time to satisfy this performance constraint are specified. 

6. A method according to one of the preceding claims, characterized in that if, for a 
service having at least two variants, the said variants have shared elementary operations, then 
the said elementary operations are automatically mapped onto the same calculators or 
calculator variants during mapping of one of the variants. For example, variants of access to the 
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vehicle, one with a key, the other keyless, will share the elementary operations of locking and 
unlocking. 

7. A device for design of a specification of a hardware and software system, comprising: 

- a means of definition of services and, for each service, use cases; 

- a means of association of each use case with at least one departure state of the 
system, a user request and, for each departure state, an arrival state of the system; 

- a means of definition of operations, in the course of which, for each state, there is 
defined a set of elementary operations corresponding to the system response during arrival in 
the said state; 

- a means of specification of system architecture defining electronic control units and 
networks; 

- a means of mapping of elementary operations onto calculators; 
and at least one of the following means: 

- a means of identification of data flows circulating on the said networks as a function of 
the said mapping; and 

- a means of identification of the specification of the calculator interfaces as a function of 
. the said mapping. 

8. A device according to claim 7, characterized in that the device contains a means, 
preferably a tab, for selection of a hierarchical description, selection of each selection means 
causing a different screen of the device to appear. 

9. A device according to one of the preceding claims, characterized in that, for at least 
one screen, the hierarchical description represents, at a first level of hierarchy, a plurality of 
services and, at a second level of hierarchy, a plurality of use cases for each service; for 
example, a "windshield wiper" service can be defined by use cases of intermittent wiping, of 
slow wiping and of fast wiping. 

10. A device according to claim 9, characterized in that, for at least one said screen, 
each use case comprises an initial context or situation of the system, a user's request to the 
system and a response of the system corresponding to a change of its state. 
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11. A device according to claims 9 and 10, characterized in that, in at least one screen, 
states and associated state transitions are defined for each use case of a service. 

12. A device according to one of claims 7 to 11, characterized in that the states that 
function in modes transverse to common services are grouped in phases, each state is 
associated with one phase of the system, the set of formalized use cases representing all the 
responses or absences of response of the system in all phases, these in total representing all 
combinations of the modes of operation of the vehicle. 

13. A device according to claim 12, characterized in that each phase is composed of a 
set of combinations of modes of operation of the vehicle, the modes being transverse to the 
services and outside the direct control of the services, such as a mode representing an 
available energy level and/or a type of system user and/or an accident or non-accident condition 
of a vehicle. 

14. A device according to one of the preceding claims, characterized in that, for at least 
one screen, the hierarchical description represents a plurality of services at a first level of 
hierarchy and of phases of the service at a second level of hierarchy. 

15. A device according to any one of claims 10 to 14, characterized in that, for at least 
one screen, the hierarchical description represents a plurality of services at a first level of 
hierarchy and of states of the service at a second level of hierarchy. 

16. A device according to any one of claims 14 or 15, characterized in that, within the 
hierarchical description, a hierarchical level in a given state describes the elementary 
operations. 

17. A device according to any one of claims 7 to 16, characterized in that, for at least 
one screen, there can be effected mapping of elementary operations onto components 
represented in a synthetic view. 

18. A device according to claim 17, characterized in that it contains, for at least one 
screen, a synthetic view representing an envelope of a component and each elementary 
operation that the said component controls or instructs. 
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19. A device according to any one of claims 7 to 18, characterized in that it contains, for 
at least one screen, a synthetic view representing an envelope of a service and each 
elementary operation that the said service comprises. 

20. A device according to any one of claims 7 to 19, characterized in that, for at least 
one screen, at a first level of hierarchy, the hierarchical description represents the calculators of 
the system and, at a second level of hierarchy, elementary operations electronically monitored 
or controlled by each calculator. 

21. A device according to claim 20, characterized in that, for each said screen, a 
hierarchical level represents, for each calculator, the services that are mapped at least partly 
onto the said calculator. 

22. A device according to any one of claims 20 or 21, characterized in that, for each said 
screen, a synthetic view represents, for each calculator, the modes in which the said calculator 
must function. 

23. A device according to any one of claims 7 to 22, characterized in that, for at least 
one screen, a synthetic view represents at least one network and the components connected to 
it. 

24. A device according to any one of claims 7 to 23, characterized in that, for at least 
one screen, at a first level of hierarchy, the hierarchical description represents the calculators of 
the system and, at a second level of hierarchy, for each calculator, the data frames being 
transported on the buses to which the calculator and/or the electronic components (sensors, 
actuators) directly connected to the calculator are connected. 

25. A device according to any one of claims 7 to 24, characterized in that, for at least 
one screen, the hierarchical description represents the frames at a first level of hierarchy and, at 
a second level of hierarchy, for each frame, the data contained in the frames. 
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26. A device according to any one of claims 7 to 25, characterized in that, for at least 
one screen, a synthetic view represents components and/or networks and a projection of a 
service onto the said components and/or networks. 

27. A device according to any one of claims 7 to 26, characterized in that, for at least 
one screen, a hierarchical level describes, for each elementary operation, the input and output 
interface data flows, and, for each data flow, the driver and the component and/or the 
elementary operation with which the data flow is exchanged. 

28. A device according to any one of claims 7 to 27, characterized in that, for at least 
one screen, the hierarchical description represents, at a first level of hierarchy, a plurality of 
services and, at a second level of hierarchy, a plurality of service variants, for each service. 

29. A device according to any one of claims 7 to 28, characterized in that, for at least 
one screen, the hierarchical description represents, at a first level of hierarchy, a plurality of 
electronic components and, at a second level of hierarchy, a plurality of variants of electronic 
components, for each electronic component. 

30. A device according to any one of claims 7 to 29, characterized in that, for at least 
one synthetic view, a selection of an element of the synthetic view by means of a pointing 
device gives access to a representation of the functioning of the said element. 

31. A device according to any one of claims 7 to 30, characterized in that, for a use 
case, given partial or complete mapping of the services, there is automatically identified the set 
of elementary operations in the architecture as well as the set of data exchanged (frames, 
sensors, actuators) corresponding to execution of the use case. 

32. A device according to any one of claims 7 to 31, characterized in that, for a use 
case, if a performance constraint is imposed on the said use case, there is automatically 
identified the set of elementary operations in the architecture, the set of frames exchanged, the 
set of sensors necessary and/or the set of actuators activated, in such a manner as to assign 
respectively thereto the specific constraints of delay of execution, of delay of transmission, of 
delay of activation and/or to validate the constraints already imposed. 
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33. A device according to any one of the preceding claims, characterized in that it 
comprises, for objects, hardware components and/or services offered to the client, a graphic 
representation known as "envelope", which contains: 

- a contour representing the said object, 

- representations of other objects with which the said object communicates, and 

- representations of data exchanged with the said other objects. 

34. A device according to claim 32, characterized in that, when the said envelope 
represents a hardware component, data representations are effected for a service. 

35. A device according to any one of the preceding claims, characterized in that it 
contains, for each bus, a representation of components that are connected directly thereto and, 
for components directly connected to at least two buses, for each of these buses, associated 
with the said component, an identifier of each other bus to which the said component is directly 
connected. 

36. A device according to claim 35, characterized in that the said identifier is a graphical 
element, for example a patch with a color identical to that of the bus in the said representation. 

37. A manufactured article comprising a computer storage means having a computer 
program for designing a specification of a hardware and software system, characterized in that 
the program comprises a code for execution of the steps of the procedure defined in one of 
claims 1 to 6. 



